My favorite presentation at EnFuse 2017 was called “Passwords, Encryption and Preparing Your Engagement for Analysis”. Cracking passwords is a rather straightforward process of gaining access to a system through trial and error. At first this seems tedious; however, there are many efficient ways to get to the correct match. There are also technologies that can accelerate password matching, or cracking.
Ken Pyle, a partner at DFDR Consulting with more than 20 years of experience in password recovery and other encryption-based work, presented this talk. His goal was to discuss ways to get the answer while eliminating excess work. This is typically done with hashes, a cryptographic method of validating data integrity. There are many types of hashing algorithms: for example, standards used for Windows XP include NT and NTLM. This continues to be the standard for Windows operating systems to this day. These hashes are secure in holding the passwords. However, as Pyle showed using obsolete Windows 2008 software, a man-in-the-middle attack can be used to retrieve the most secure passwords and use them to infiltrate systems. This is done by retrieving the domain and collecting the hash in a pass-the-hash attack.
Social Engineering Passwords
Most password cracking is actually done through social engineering. One notable point mentioned during the talk is that people always tie their passwords back to something they know, like the school they graduated from, their first child, or their hometown. Small details like that, most of which are publicly available on social media, can give investigators an advantage by targeting password recovery attempts around these words and prioritizing certain words over others.
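Seen from the defending side, the same observation argues for screening a new password against what is known about the account holder before accepting it. The sketch below is an added example, not from the talk or this post; the profile fields, sample values and function names are hypothetical.

```python
import re
import unicodedata

# Substitutions people commonly apply to a familiar word to make it "complex".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample profile: the kind of details the paragraph above mentions.
PROFILE = {"school": "Lincoln High School", "child": "Chloé", "hometown": "Spokane"}

def fold(text):
    """Lower-case the text and strip accents so 'Chloé' compares as 'chloe'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def profile_tokens(profile, min_len=4):
    """Split every profile value into words long enough to be worth matching."""
    tokens = set()
    for value in profile.values():
        tokens.update(w for w in re.findall(r"[a-z]+", fold(value)) if len(w) >= min_len)
    return tokens

def personal_terms_in(password, profile):
    """Return the sorted profile words that appear in the candidate password."""
    folded = fold(password)
    # Two views of the candidate: as typed, and with substitutions undone.
    views = {re.sub(r"[^a-z0-9]", "", folded),
             re.sub(r"[^a-z]", "", folded.translate(LEET))}
    hits = set()
    for token in profile_tokens(profile):
        # Match the word forwards or reversed in either view.
        if any(token in v or token[::-1] in v for v in views):
            hits.add(token)
    return sorted(hits)

if __name__ == "__main__":
    for candidate in ("Sp0k@ne2009!", "Chl03_2014", "correct-horse-battery"):
        found = personal_terms_in(candidate, PROFILE)
        print(candidate, "-> reject" if found else "-> accept", found)
```

A non-empty result means the password should be refused at enrollment or change time; the check only covers the attributes the organization already holds about the user.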
Hardware for Recovering Passwords
Lastly, knowing which hardware to use is key in recovering passwords. Graphics cards, GPUs for short, are powerful at making the calculations for password comparisons. Picking the right GPU is also necessary to save time. Nvidia has been making graphics cards for gaming, like the high-end GTX 1080, along with its Quadro line of graphics cards. The two lines handle data differently and, because of what each is built for, the GTX 1080 is not as powerful at hashing as a Quadro.
The Quadro line of GPUs is expensive due to its memory capabilities and its CUDA cores. CUDA allows for parallel processing, which makes hashing faster. In turn, time can be saved when it comes to password recovery. Another large company, AMD, has a technology similar to CUDA called stream processing. Its GPUs have more cores at a lower price range, which makes entering this field easier than purchasing a Quadro.
Password recovery is a process: it requires having the correct hardware, knowing who the password is being recovered from, and knowing how to implement a system that can take advantage of these components in order to recover passwords faster than before.